Cyber Incident Victim: Liverpool One Shopping Centre
Date:
May 2017
Location:
United Kingdom
Summary
A large outdoor digital billboard at Liverpool One shopping centre was defaced by hackers displaying a message urging improved security alongside the hashtag "#JFT96," referencing the Hillsborough disaster. The screen, operated externally by Elonex, was promptly deactivated by the shopping centre upon discovery, with no other displays affected; Elonex characterized the incident as good-natured and non-disruptive, though cybersecurity experts highlighted broader vulnerabilities in such connected systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On 29 May 2017, a large outdoor digital billboard at Liverpool One shopping centre displayed an unauthorized message after an apparent security breach. The defaced screen showed text reading: "We suggest you improve your security. Sincerely, your friendly neighbourhood hackers," accompanied by the hashtag "#JFT96" - an abbreviation referencing the "Justice for the 96" campaign related to the 1989 Hillsborough disaster. Visitors documented the incident through photos shared on Reddit and Twitter, confirming the message's public visibility. Liverpool One management disabled the compromised screen immediately upon being notified of the breach. The shopping centre clarified that the affected display was one of eighteen screens operated by external contractor Elonex, with no other digital signage in the complex impacted. Initial statements from both Liverpool One and Elonex characterized the incident as isolated, with the latter describing the hack as "good-natured" and not intended to cause offense or major disruption.
Elonex confirmed they were urgently investigating the weekend incident affecting their Liverpool One operations. Cybersecurity researcher Kevin Beaumont reported that multiple screens at the facility were subsequently deactivated as a precautionary measure, with his friend having witnessed the hacked message on 29 May. While the perpetrators' identity and intrusion methods remained undetermined, University of Surrey cybersecurity expert Prof Alan Woodward highlighted the broader implications of such breaches, noting that seemingly minor systems like advertising displays could provide entry points for more malicious actors. The incident concluded with no reported data compromises or extended service interruptions beyond the temporary screen deactivations, though it demonstrated vulnerabilities in publicly accessible digital infrastructure. Liverpool One maintained operational continuity throughout the event while relying on Elonex's investigation to determine the breach's origin and full scope.